San Francisco Might Have Refused Ransom Demands as Hackers Now Threaten to Expose Data

It appears that San Francisco might have refused to give in to the hackers who tried to hold the city’s transit system for ransom. As reported earlier, commuters got free rides in San Francisco over the weekend after city’s municipal transit system (MUNI) was attacked. Hackers had claimed to infect over 2,000 computers and demanded a ransom in Bitcoins, worth $73,000.

While the officials didn’t say anything except the usual, we are “working to resolve the situation,” hackers have hinted that the city hasn’t been very cooperative when it comes to meeting their demands. In an email conversation with Motherboard, criminal hackers threatened to expose 30GB of MUNI databases and documents publicly unless the city gives them their demanded ransom.

Not only the attackers failed to give any proof of their holding any legitimate documents, they also took the Santa-face similar to the moral high ground that OurMine usually claims. The attackers claimed that they are doing it to show that the San Francisco Metropolitan Transportation Authority doesn’t “pay attention to your safety,” and this is just a “proof of concept.”

Hackers going by the name of “andy saolis” (a pseudonym linked to several other ransomware incidents) told the publication, they have hacked the systems “To Have More Impact to Company To Force Them to do Right Job!”

Anyone See Something like that in Hollywood Movies But it’s Completely Possible in Real World!,” they added, presumably referring to the rather bizarre site of a public transport system becoming infected with ransomware.

“It’s Show to You and Proof of Concept, Company don’t pay Attention to Your Safety!” they continued.

The threat fails to hold water, as the hackers didn’t show any samples. “When asked several times to provide proof to back up their claims, the hackers told Motherboard they were still waiting for the company to contact them, and declined to send any sample files,” the publication wrote.

The hackers, however, insist that they will indeed release the 30GB of databases that belong to MUNI, including contracts along with customer and employee data.

Hackers also contactedFortune and informed the publication that the group involved in the hack is based outside the US. “We Don’t live in USA. Sorry For My English anyway ;)”

It is an unusual ransom threat, as normally hackers either infect systems with ransomware to stop officials from operating them, or threaten to release the documents. In this case, they are doing both. MUNI officials did manage to restore the system back to work after initial flurry over the weekend.

Since there’s no official comment, it cannot be said at the moment whether officials have called this a bluff or if they plan to negotiate with the hackers. The latter seems highly unlikely considering hackers’ latest attempts at contacting media to gain more attention.